US10530753B2ActiveUtilityA1

System and method for secure cloud computing

67
Assignee: VIRTUSTREAM IP HOLDING COMPANY LLCPriority: Mar 25, 2010Filed: May 31, 2017Granted: Jan 7, 2020
Est. expiryMar 25, 2030(~3.7 yrs left)· nominal 20-yr term from priority
H04L 63/062H04L 63/0853H04L 9/0897H04L 9/3239H04L 63/0876H04L 63/0435G06F 9/45558G06F 2009/45587H04L 9/3234G06F 21/602G06F 21/57G06F 21/64
67
PatentIndex Score
1
Cited by
47
References
20
Claims

Abstract

In a method for secure cloud computing, a virtual machine (VM) associated with a client is executed at a computer within a trusted computing cloud. An image including state information of the VM is obtained; storage of the image is arranged; a freshness hash of the image is determined; and the freshness hash is sent to the client. Subsequently, at the same computer or at a different computer within the trusted computing cloud, the stored image may be retrieved; a freshness hash of the retrieved image may be determined; the freshness hash of the retrieved image may be sent to the client; and an indication may be received from the client verifying the integrity of the freshness hash of the stored image.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method comprising:
 receiving a request from a given client to execute a given virtual machine on a trusted computing cloud; 
 verifying an integrity of one or more software components running on at least one processing device of the trusted computing cloud to obtain a trusted cloud computing key from a hardware security module of the at least one processing device; 
 decrypting one or more encrypted client keys associated with the given client utilizing the trusted cloud computing key, the one or more encrypted client keys being obtained from a client key database in shared storage associated with the trusted computing cloud; 
 decrypting an encrypted image of the given virtual machine utilizing at least one of the one or more decrypted client keys, the encrypted image of the given virtual machine being obtained from a virtual machine image database in the shared storage; 
 computing first freshness information of the decrypted image of the given virtual machine; 
 verifying that the first freshness information matches second freshness information prior to executing the decrypted image of the given virtual machine on the trusted computing cloud; 
 initiating execution, at a first point in time responsive to verifying that the first freshness information matches the second freshness information, the decrypted image of the given virtual machine on the trusted computing cloud; 
 updating, at a second point in time after the first point in time, the second freshness information based at least in part on a current execution state of the given virtual machine on the trusted computing cloud, the updated second freshness information being signed utilizing at least one of the one or more decrypted client keys; and 
 providing the updated second freshness information to the given client. 
 
     
     
       2. The method of  claim 1  wherein the first freshness information and the second freshness information comprise respective freshness hashes. 
     
     
       3. The method of  claim 1  wherein the second freshness information comprises previous freshness information for the given virtual machine received by the given client from the trusted computing cloud. 
     
     
       4. The method of  claim 1  wherein verifying the integrity of the one or more software components running on the at least one processing device comprises:
 computing an integrity measurement of the one or more software components running on the at least one processing device; and 
 storing the computed integrity measurement in a platform configuration register of the hardware security module; 
 wherein the trusted cloud computing key is returned by the hardware security module responsive to verifying that the computed integrity measurement matches a reference value. 
 
     
     
       5. The method of  claim 4  wherein storing the computed integrity measurement comprises extending a current value of the platform configuration register. 
     
     
       6. The method of  claim 5  wherein storing the computed integrity measurement comprises:
 concatenating the computed integrity measurement with the current value of the platform configuration register; 
 hashing the concatenation of the computed integrity measurement with the current value of the platform configuration register; and 
 storing a result of the hashing as a new value of the platform configuration register. 
 
     
     
       7. The method of  claim 1  further comprising registering the given client with the trusted computing cloud, wherein registering the given client with the trusted computing cloud comprises:
 receiving a registration request from the given client; 
 recording a client identifier for the given client in a client database in the shared storage; 
 sending the client identifier and one or more public keys of the trusted computing cloud to the given client; 
 receiving a message from the given client comprising the one or more client keys associated with the given client encrypted utilizing at least one of the one or more public keys of the trusted computing cloud; 
 decrypting the message utilizing at least one private key of the trusted computing cloud to obtain the one or more client keys associated with the given client, the at least one private key of the trusted computing cloud being obtained from the hardware security module by verifying the integrity of the one or more software components running on the at least one processing device; 
 encrypting the one or more client keys utilizing the trusted cloud computing key; and 
 storing the encrypted one or more client keys in the shared storage. 
 
     
     
       8. The method of  claim 1  further comprising storing the given virtual machine image in the shared storage, wherein storing the given virtual machine image in the shared storage comprises:
 receiving a first encrypted image of the given virtual machine, the first encrypted image being signed and encrypted utilizing the one or more client keys associated with the given client; 
 obtaining the one or more encrypted client keys from the shared storage; 
 decrypting the one or more encrypted client keys utilizing the trusted cloud computing key; 
 decrypting the first encrypted image of the given virtual machine utilizing at least one of the one or more decrypted client keys; 
 verifying a signature of the given virtual machine image utilizing at least one of the one or more decrypted client keys; 
 computing the updated second freshness information for the given virtual machine image; 
 signing the updated second freshness information utilizing at least one of the one or more decrypted client keys; 
 encrypting the given virtual machine image utilizing at least one of the one or more decrypted client keys to generate a second encrypted virtual machine image; 
 storing the second encrypted virtual machine image in the shared storage; and 
 sending the signed updated second freshness information for the given virtual machine image to the given client. 
 
     
     
       9. The method of  claim 1  wherein the request to execute the given virtual machine comprises a nonce value provided by the given client, and wherein verifying the first freshness information comprises:
 signing the first freshness information utilizing at least one of the one or more decrypted client keys; 
 sending a check freshness information message to the given client, the check freshness information message comprising the signed first freshness information and the nonce value; 
 receiving an acknowledgment message from the given client, the acknowledgement message being generated responsive to the given client verifying: the nonce in the check freshness information message; a signature of the signed first freshness information in the check freshness information message; and that the first freshness information matches the second freshness information. 
 
     
     
       10. The method of  claim 1 , wherein generating the updated second freshness information for the given virtual machine comprises:
 generating an updated image of the given virtual machine executing on the trusted computing cloud, the updated image comprising the current execution state of the given virtual machine on the trusted computing cloud; 
 encrypting the updated image of the given virtual machine utilizing at least one of the one or more decrypted client keys; 
 storing the encrypted updated image of the given virtual machine in the virtual machine image database in the shared storage; 
 computing the updated second freshness information of the updated image of the given virtual machine; 
 signing the updated second freshness information utilizing at least one of the one or more decrypted client keys; 
 sending a new freshness information message to the given client, the new freshness information message comprising the signed updated second freshness information; and 
 receiving an acknowledgment from the given client responsive to the given client verifying a signature of the signed updated second freshness information. 
 
     
     
       11. The method of  claim 1  further comprising stopping execution of the given virtual machine, wherein stopping execution of the given virtual machine comprises:
 receiving a request to stop execution of the given virtual machine from the given client, the request comprising a nonce value provided by the given client; 
 stopping execution of the given virtual machine on the trusted computing cloud; 
 generating an updated image of the given virtual machine, the updated image comprising the current execution state of the given virtual machine on the trusted computing cloud; 
 encrypting the updated image of the given virtual machine utilizing at least one of the one or more decrypted client keys; 
 storing the encrypted updated image of the given virtual machine in the virtual machine image database in the shared storage; 
 computing the updated second freshness information of the updated image of the given virtual machine; 
 signing the updated second freshness information utilizing at least one of the one or more decrypted client keys; 
 sending a stop execution message to the given client, the stop execution message comprising the nonce value and the signed updated second freshness information; and 
 receiving an acknowledgment from the given client responsive to the given client verifying: the nonce in the stop execution message; and a signature of the signed updated second freshness information in the stop execution message. 
 
     
     
       12. A computer program product comprising a non-transitory computer-readable storage medium storing computer executable instructions that, when executed by at least one processing device of a trusted computing cloud cause the at least one processing device:
 to receive a request from a given client to execute a given virtual machine on the trusted computing cloud; 
 to verify an integrity of one or more software components running on the at least one processing device to obtain a trusted cloud computing key from a hardware security module of the at least one processing device; 
 to decrypt one or more encrypted client keys associated with the given client utilizing the trusted cloud computing key, the one or more encrypted client keys being obtained from a client key database in shared storage associated with the trusted computing cloud; 
 to decrypt an encrypted image of the given virtual machine utilizing at least one of the one or more decrypted client keys, the encrypted image of the given virtual machine being obtained from a virtual machine image database in the shared storage; 
 to compute first freshness information of the decrypted image of the given virtual machine; 
 to verify that the first freshness information matches second freshness information prior to executing the decrypted image of the given virtual machine on the trusted computing cloud; 
 to initiate execution, at a first point in time responsive to verifying that the first freshness information matches the second freshness information, the decrypted image of the given virtual machine on the trusted computing cloud; 
 to update, at a second point in time after the first point in time, the second freshness information based at least in part on a current execution state of the given virtual machine on the trusted computing cloud, the updated second freshness information being signed utilizing at least one of the one or more decrypted client keys; and 
 to provide the signed updated second freshness information to the given client. 
 
     
     
       13. The computer program product of  claim 12  wherein verifying the integrity of the one or more software components running on the at least one processing device comprises:
 computing an integrity measurement of the one or more software components running on the at least one processing device; and 
 storing the computed integrity measurement in a platform configuration register of the hardware security module; 
 wherein the trusted cloud computing key is returned by the hardware security module responsive to verifying that the computed integrity measurement matches a reference value. 
 
     
     
       14. The computer program product of  claim 13  wherein storing the computed integrity measurement comprises extending a current value of the platform configuration register. 
     
     
       15. The computer program product of  claim 14  wherein storing the computed integrity measurement comprises:
 concatenating the computed integrity measurement with the current value of the platform configuration register; 
 hashing the concatenation of the computed integrity measurement with the current value of the platform configuration register; and 
 storing a result of the hashing as a new value of the platform configuration register. 
 
     
     
       16. An apparatus comprising:
 at least one processing device of a trusted computing cloud comprising a hardware security module, a processor and a memory coupled to the processor; 
 the at least one processing device being configured:
 to receive a request from a given client to execute a given virtual machine on the trusted computing cloud; 
 to verify an integrity of one or more software components running on the at least one processing device to obtain a trusted cloud computing key from the hardware security module of the at least one processing device; 
 to decrypt one or more encrypted client keys associated with the given client utilizing the trusted cloud computing key, the one or more encrypted client keys being obtained from a client key database in shared storage associated with the trusted computing cloud; 
 to decrypt an encrypted image of the given virtual machine utilizing at least one of the one or more decrypted client keys, the encrypted image of the given virtual machine being obtained from a virtual machine image database in the shared storage; 
 to compute first freshness information of the decrypted image of the given virtual machine; 
 to verify that the first freshness information matches second freshness information prior to executing the decrypted image of the given virtual machine on the trusted computing cloud; 
 to initiate execution, at a first point in time responsive to verifying that the first freshness information matches the second freshness information, the decrypted image of the given virtual machine on the trusted computing cloud; 
 to update, at a second point in time after the first point in time, the second freshness information based at least in part on a current execution state of the given virtual machine on the trusted computing cloud, the updated second freshness information being signed utilizing at least one of the one or more decrypted client keys; and 
 to provide the signed updated second freshness information to the given client. 
 
 
     
     
       17. The apparatus of  claim 16  wherein verifying the integrity of the one or more software components running on the at least one processing device comprises:
 computing an integrity measurement of the one or more software components running on the at least one processing device; and 
 storing the computed integrity measurement in a platform configuration register of the hardware security module; 
 wherein the trusted cloud computing key is returned by the hardware security module responsive to verifying that the computed integrity measurement matches a reference value. 
 
     
     
       18. The apparatus of  claim 17  wherein storing the computed integrity measurement comprises extending a current value of the platform configuration register. 
     
     
       19. The apparatus of  claim 18  wherein storing the computed integrity measurement comprises:
 concatenating the computed integrity measurement with the current value of the platform configuration register; 
 hashing the concatenation of the computed integrity measurement with the current value of the platform configuration register; and 
 storing a result of the hashing as a new value of the platform configuration register. 
 
     
     
       20. The apparatus of  claim 16  wherein the request to execute the given virtual machine comprises a nonce value provided by the given client, and wherein verifying the first freshness information comprises:
 signing the first freshness information utilizing at least one of the one or more decrypted client keys; 
 sending a check freshness information message to the given client, the check freshness information message comprising the signed first freshness information and the nonce value; 
 receiving an acknowledgment message from the given client, the acknowledgement message being generated responsive to the given client verifying: the nonce in the check freshness information message; a signature of the signed first freshness information in the check freshness information message; and that the first freshness information matches the second freshness information.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.